Hello, Igniters. I'm going to create tickets and start implementation of TDE in a few days.
Any objections? В Пн, 09/04/2018 в 17:55 +0300, Nikolay Izhikov пишет: > Hello, Denis > > > Is it necessary to have CEP keys for every cache? > > With current design, It's necessary to have difference CEK for every > encrypted cache. > I don't this it's an issue because CEK should be generated automatically and > stored internally in Ignite. > Cluster administrator should manage MEK to have > > > I guess it would be up to me which caches to encrypt, right? > > Yes. User can enable TDE for any caches he want. > Other caches will work without any changes. > > > Should we think of procedures of CEP keys regeneration? > > Similar question goes for MEP key. > > Yes, we should! Good catch, thank you. > I think, it questionable, should we provide such feature in the first release? > Will be added to IEP, anyway. > > > В Пт, 06/04/2018 в 11:59 -0700, Denis Magda пишет: > > Nikolay, Dmitriy R., > > > > Thanks for the research and for writing down a summary in the IEP form. > > > > Please answer several high-level questions: > > > > - Is it necessary to have CEP keys for every cache? Not sure how all the > > keys will be managed if the user wants to encrypt 10-100 caches. Is it > > possible to use a single CEP by default with an option of having a unique > > one for a cache with more sensitive information? > > - It's not written, but I guess it would be up to me which caches to > > encrypt, right? In practice, you don't need to have all the data > > encrypted. > > Usually, companies look to hide personal, payments history, etc. > > - Should we think of procedures of CEP keys regeneration? A key can be > > lost or stolen. > > - Similar question goes for MEP key. > > > > -- > > Denis > > > > On Thu, Apr 5, 2018 at 2:15 PM, Dmitriy Setrakyan <dsetrak...@apache.org> > > wrote: > > > > > Here is a correct link to IEP: > > > https://cwiki.apache.org/confluence/display/IGNITE/IEP- > > > 18%3A+Transparent+Data+Encryption > > > > > > On Thu, Apr 5, 2018 at 12:01 PM, Nikolay Izhikov <nizhi...@apache.org> > > > wrote: > > > > > > > Hello, Igniters. > > > > > > > > Based on previous discussion  we've created "IEP-18: Transparent Data > > > > Encryption"  > > > > I've planned to start implementation of TDE in few weeks. > > > > I will create JIRA ticket for each piece of implementation. > > > > > > > > So, please, see IEP-18 and give us feedback. > > > > > > > > Dima Ryabov, huge thanks for pushing TDE IEP forward. > > > > > > > >  http://apache-ignite-developers.2346864.n4.nabble. > > > > com/Transparent-Data-Encryption-TDE-in-Apache-Ignite-td18957.html > > > >  https://cwiki.apache.org/confluence/pages/viewpage. > > > > action?pageId=75979078
Description: This is a digitally signed message part